By Mike Lennon on April 14, 2021
FBI agents executed a court-authorized cyber operation to delete malicious web shells from hundreds of previously hacked Microsoft Exchange servers in the United States, unbeknownst to their owners, the U.S. Department of Justice (DoJ) said Tuesday.
After a wave of major in-the-wild zero-day attacks against Exchange Server installations that occurred globally in January, savvy organizations scrambled to lock down vulnerable Microsoft email servers and remove web shells that were installed by attackers.
In early attacks observed by Microsoft, attackers were able to exploit a series of vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.
iTWire Wednesday, 14 April 2021 17:54 FBI cleans up Web shells on Microsoft Exchange Server installations Featured Image by Clker-Free-Vector-Images from Pixabay
The FBI has intervened to clean up the mess left by attacks on on-premise Microsoft Exchange Server installations after obtaining court orders to access hundreds of vulnerable machines in the US and remove Web shells.
In
a statement issued on Tuesday, the Department of Justice said these servers had been exploited in January and February by some groups who used zero-day vulnerabilities that Microsoft
publicised on 3 March.
More groups piled on in March while some of the earlier Web shells were removed by the owners, the statement said.
Over 10 different threat groups exploit Microsoft mail server flaws, researchers say
Updated:
Updated:
March 11, 2021 17:00 IST
The anti-virus software maker said threat actors potentially used Microsoft’s mail server flaws to install malware like web shells and gain backdoor entry into victims’ email servers. It has identified the presence of web shells on more than 5,000 unique servers in over 115 countries.
Share Article
Over 10 different threat groups exploit Microsoft mail server flaws.
| Photo Credit: Reuters
The anti-virus software maker said threat actors potentially used Microsoft’s mail server flaws to install malware like web shells and gain backdoor entry into victims’ email servers. It has identified the presence of web shells on more than 5,000 unique servers in over 115 countries.
ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack, the agencies said. Adversaries may also sell access to compromised networks on the dark web.
The attacks have primarily targeted local governments, academic institutions, non-governmental organizations, and business entities in various industry sectors, including agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceutical, which the agencies say are in line with previous activity conducted by Chinese cyber